October 2010 - rpmfusion-commits

rpms/freetype-freeworld/F-12 freetype-freeworld.spec, 1.8, 1.9 freetype-2.3.11-CVE-2010-2527.patch, 1.1, NONE freetype-2.3.11-CVE-2010-2541.patch, 1.1, NONE

by Kevin Kofler

Author: kkofler Update of /cvs/free/rpms/freetype-freeworld/F-12 In directory se02.es.rpmfusion.net:/tmp/cvs-serv12543/F-12 Modified Files: freetype-freeworld.spec Removed Files: freetype-2.3.11-CVE-2010-2527.patch freetype-2.3.11-CVE-2010-2541.patch Log Message: Remove CVE-2010-2527 and CVE-2010-2541 patches, which are for the demos, which we don't ship. Index: freetype-freeworld.spec =================================================================== RCS file: /cvs/free/rpms/freetype-freeworld/F-12/freetype-freeworld.spec,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- freetype-freeworld.spec 5 Oct 2010 14:03:18 -0000 1.8 +++ freetype-freeworld.spec 5 Oct 2010 14:35:45 -0000 1.9 @@ -162,10 +162,6 @@ (Check `rlen' the length of fragment declared in the POST fragment header) - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check) -- Add freetype-2.3.11-CVE-2010-2527.patch - (Use precision for `%s' where appropriate to avoid buffer overflows) -- Add freetype-2.3.11-CVE-2010-2541.patch - (Avoid overflow when dealing with names of axes) - Resolves: rh#613299 * Wed Dec 16 2009 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-1 --- freetype-2.3.11-CVE-2010-2527.patch DELETED --- --- freetype-2.3.11-CVE-2010-2541.patch DELETED ---

13 years, 6 months

1
0
0 / 0

rpms/freetype-freeworld/F-13 freetype-freeworld.spec, 1.9, 1.10 freetype-2.3.11-CVE-2010-2527.patch, 1.1, NONE freetype-2.3.11-CVE-2010-2541.patch, 1.1, NONE

by Kevin Kofler

Author: kkofler Update of /cvs/free/rpms/freetype-freeworld/F-13 In directory se02.es.rpmfusion.net:/tmp/cvs-serv12543/F-13 Modified Files: freetype-freeworld.spec Removed Files: freetype-2.3.11-CVE-2010-2527.patch freetype-2.3.11-CVE-2010-2541.patch Log Message: Remove CVE-2010-2527 and CVE-2010-2541 patches, which are for the demos, which we don't ship. Index: freetype-freeworld.spec =================================================================== RCS file: /cvs/free/rpms/freetype-freeworld/F-13/freetype-freeworld.spec,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- freetype-freeworld.spec 5 Oct 2010 14:02:51 -0000 1.9 +++ freetype-freeworld.spec 5 Oct 2010 14:35:46 -0000 1.10 @@ -157,10 +157,6 @@ (Check `rlen' the length of fragment declared in the POST fragment header) - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check) -- Add freetype-2.3.11-CVE-2010-2527.patch - (Use precision for `%s' where appropriate to avoid buffer overflows) -- Add freetype-2.3.11-CVE-2010-2541.patch - (Avoid overflow when dealing with names of axes) - Resolves: rh#613299 * Wed Dec 16 2009 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-2 --- freetype-2.3.11-CVE-2010-2527.patch DELETED --- --- freetype-2.3.11-CVE-2010-2541.patch DELETED ---

13 years, 6 months

1
0
0 / 0

by Kevin Kofler

Author: kkofler Update of /cvs/free/rpms/freetype-freeworld/F-12 In directory se02.es.rpmfusion.net:/tmp/cvs-serv9917/F-12 Modified Files: freetype-freeworld.spec Added Files: freetype-2.3.11-CVE-2010-1797.patch freetype-2.3.11-CVE-2010-2498.patch freetype-2.3.11-CVE-2010-2499.patch freetype-2.3.11-CVE-2010-2500.patch freetype-2.3.11-CVE-2010-2519.patch freetype-2.3.11-CVE-2010-2520.patch freetype-2.3.11-CVE-2010-2527.patch freetype-2.3.11-CVE-2010-2541.patch freetype-2.3.11-CVE-2010-2805.patch freetype-2.3.11-CVE-2010-2806.patch freetype-2.3.11-CVE-2010-2808.patch freetype-2.3.11-CVE-2010-3311.patch Log Message: * Tue Oct 05 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-2 - Update the description to reflect that the bytecode interpreter is no longer patented (but still disabled in the stock Fedora freetype). - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.) - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.) - Resolves: rh#638522 - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.) - Resolves: rh#621627 - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points') - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments) - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height') - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header) - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check) - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows) - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes) - Resolves: rh#613299 freetype-2.3.11-CVE-2010-1797.patch: cffgload.c | 73 ++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 41 insertions(+), 32 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-1797.patch --- --- freetype-2.3.11/src/cff/cffgload.c 2009-09-10 17:52:21.000000000 +0200 +++ freetype-2.3.11/src/cff/cffgload.c 2010-08-11 13:39:32.000000000 +0200 @@ -2358,8 +2358,11 @@ return CFF_Err_Unimplemented_Feature; } - decoder->top = args; + decoder->top = args; + if ( decoder->top - stack >= CFF_MAX_OPERANDS ) + goto Stack_Overflow; + } /* general operator processing */ } /* while ip < limit */ @@ -2627,48 +2630,54 @@ /* now load the unscaled outline */ error = cff_get_glyph_data( face, glyph_index, &charstring, &charstring_len ); - if ( !error ) - { - error = cff_decoder_prepare( &decoder, size, glyph_index ); - if ( !error ) - { - error = cff_decoder_parse_charstrings( &decoder, - charstring, - charstring_len ); + if ( error ) + goto Glyph_Build_Finished; + + error = cff_decoder_prepare( &decoder, size, glyph_index ); + if ( error ) + goto Glyph_Build_Finished; - cff_free_glyph_data( face, &charstring, charstring_len ); + error = cff_decoder_parse_charstrings( &decoder, + charstring, + charstring_len ); + + cff_free_glyph_data( face, &charstring, charstring_len ); + + if ( error ) + goto Glyph_Build_Finished; #ifdef FT_CONFIG_OPTION_INCREMENTAL - /* Control data and length may not be available for incremental */ - /* fonts. */ - if ( face->root.internal->incremental_interface ) - { - glyph->root.control_data = 0; - glyph->root.control_len = 0; - } - else + /* Control data and length may not be available for incremental */ + /* fonts. */ + if ( face->root.internal->incremental_interface ) + { + glyph->root.control_data = 0; + glyph->root.control_len = 0; + } + else #endif /* FT_CONFIG_OPTION_INCREMENTAL */ - /* We set control_data and control_len if charstrings is loaded. */ - /* See how charstring loads at cff_index_access_element() in */ - /* cffload.c. */ - { - CFF_Index csindex = &cff->charstrings_index; + /* We set control_data and control_len if charstrings is loaded. */ + /* See how charstring loads at cff_index_access_element() in */ + /* cffload.c. */ + { + CFF_Index csindex = &cff->charstrings_index; - if ( csindex->offsets ) - { - glyph->root.control_data = csindex->bytes + - csindex->offsets[glyph_index] - 1; - glyph->root.control_len = charstring_len; - } - } + if ( csindex->offsets ) + { + glyph->root.control_data = csindex->bytes + + csindex->offsets[glyph_index] - 1; + glyph->root.control_len = charstring_len; } } - /* save new glyph tables */ - cff_builder_done( &decoder.builder ); + Glyph_Build_Finished: + /* save new glyph tables, if no error */ + if ( !error ) + cff_builder_done( &decoder.builder ); + /* XXX: anything to do for broken glyph entry? */ } #ifdef FT_CONFIG_OPTION_INCREMENTAL freetype-2.3.11-CVE-2010-2498.patch: pshalgo.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2498.patch --- --- freetype-2.3.11/src/pshinter/pshalgo.c 2009-07-03 15:28:24.000000000 +0200 +++ freetype-2.3.11/src/pshinter/pshalgo.c 2010-07-13 13:14:22.000000000 +0200 @@ -4,7 +4,8 @@ /* */ /* PostScript hinting algorithm (body). */ /* */ -/* Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */ +/* Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 */ +/* by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used */ @@ -1690,7 +1691,10 @@ /* process secondary hints to `selected' points */ if ( num_masks > 1 && glyph->num_points > 0 ) { - first = mask->end_point; + /* the `endchar' op can reduce the number of points */ + first = mask->end_point > glyph->num_points + ? glyph->num_points + : mask->end_point; mask++; for ( ; num_masks > 1; num_masks--, mask++ ) { @@ -1698,7 +1702,9 @@ FT_Int count; - next = mask->end_point; + next = mask->end_point > glyph->num_points + ? glyph->num_points + : mask->end_point; count = next - first; if ( count > 0 ) { freetype-2.3.11-CVE-2010-2499.patch: ftobjs.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- NEW FILE freetype-2.3.11-CVE-2010-2499.patch --- --- freetype-2.3.11/src/base/ftobjs.c 2009-09-02 08:42:41.000000000 +0200 +++ freetype-2.3.11/src/base/ftobjs.c 2010-07-12 16:39:13.000000000 +0200 @@ -1531,6 +1531,8 @@ len += rlen; else { + if ( pfb_lenpos + 3 > pfb_len + 2 ) + goto Exit2; pfb_data[pfb_lenpos ] = (FT_Byte)( len ); pfb_data[pfb_lenpos + 1] = (FT_Byte)( len >> 8 ); pfb_data[pfb_lenpos + 2] = (FT_Byte)( len >> 16 ); @@ -1539,6 +1541,8 @@ if ( ( flags >> 8 ) == 5 ) /* End of font mark */ break; + if ( pfb_pos + 6 > pfb_len + 2 ) + goto Exit2; pfb_data[pfb_pos++] = 0x80; type = flags >> 8; @@ -1553,12 +1557,18 @@ } error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen ); + if ( error ) + goto Exit2; pfb_pos += rlen; } + if ( pfb_pos + 2 > pfb_len + 2 ) + goto Exit2; pfb_data[pfb_pos++] = 0x80; pfb_data[pfb_pos++] = 3; + if ( pfb_lenpos + 3 > pfb_len + 2 ) + goto Exit2; pfb_data[pfb_lenpos ] = (FT_Byte)( len ); pfb_data[pfb_lenpos + 1] = (FT_Byte)( len >> 8 ); pfb_data[pfb_lenpos + 2] = (FT_Byte)( len >> 16 ); freetype-2.3.11-CVE-2010-2500.patch: ftgrays.c | 2 +- ftsmooth.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2500.patch --- --- freetype-2.3.11/src/smooth/ftgrays.c 2009-07-31 18:45:19.000000000 +0200 +++ freetype-2.3.11/src/smooth/ftgrays.c 2010-07-13 10:26:58.000000000 +0200 @@ -1189,7 +1189,7 @@ /* first of all, compute the scanline offset */ p = (unsigned char*)map->buffer - y * map->pitch; if ( map->pitch >= 0 ) - p += ( map->rows - 1 ) * map->pitch; + p += (unsigned)( ( map->rows - 1 ) * map->pitch ); for ( ; count > 0; count--, spans++ ) { --- freetype-2.3.11/src/smooth/ftsmooth.c 2009-07-31 18:45:19.000000000 +0200 +++ freetype-2.3.11/src/smooth/ftsmooth.c 2010-07-13 10:26:58.000000000 +0200 @@ -4,7 +4,7 @@ /* */ /* Anti-aliasing renderer interface (body). */ /* */ -/* Copyright 2000-2001, 2002, 2003, 2004, 2005, 2006, 2009 by */ +/* Copyright 2000-2001, 2002, 2003, 2004, 2005, 2006, 2009, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -200,7 +200,7 @@ /* Required check is ( pitch * height < FT_ULONG_MAX ), */ /* but we care realistic cases only. Always pitch <= width. */ - if ( width > 0xFFFFU || height > 0xFFFFU ) + if ( width > 0x7FFFU || height > 0x7FFFU ) { FT_ERROR(( "ft_smooth_render_generic: glyph too large: %d x %d\n", width, height )); freetype-2.3.11-CVE-2010-2519.patch: ftobjs.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) --- NEW FILE freetype-2.3.11-CVE-2010-2519.patch --- --- freetype-2.3.11/src/base/ftobjs.c 2010-07-12 17:03:47.000000000 +0200 +++ freetype-2.3.11/src/base/ftobjs.c 2010-07-12 17:07:06.000000000 +0200 @@ -1526,7 +1526,19 @@ goto Exit; if ( FT_READ_USHORT( flags ) ) goto Exit; - rlen -= 2; /* the flags are part of the resource */ + FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n", + i, offsets[i], rlen, flags )); + + if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */ + continue; + + /* the flags are part of the resource, so rlen >= 2. */ + /* but some fonts declare rlen = 0 for empty fragment */ + if ( rlen > 2 ) + rlen -= 2; + else + rlen = 0; + if ( ( flags >> 8 ) == type ) len += rlen; else freetype-2.3.11-CVE-2010-2520.patch: ttinterp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2520.patch --- --- freetype-2.3.11/src/truetype/ttinterp.c 2009-07-31 18:45:19.000000000 +0200 +++ freetype-2.3.11/src/truetype/ttinterp.c 2010-07-15 14:44:23.000000000 +0200 @@ -6466,8 +6466,8 @@ end_point = CUR.pts.contours[contour] - CUR.pts.first_point; first_point = point; - if ( CUR.pts.n_points <= end_point ) - end_point = CUR.pts.n_points; + if ( BOUNDS ( end_point, CUR.pts.n_points ) ) + end_point = CUR.pts.n_points - 1; while ( point <= end_point && ( CUR.pts.tags[point] & mask ) == 0 ) point++; freetype-2.3.11-CVE-2010-2527.patch: ftdiff.c | 4 ++-- ftgrid.c | 10 +++++----- ftmulti.c | 8 ++++---- ftstring.c | 11 ++++++----- ftview.c | 8 ++++---- 5 files changed, 21 insertions(+), 20 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2527.patch --- --- freetype-2.3.11/ft2demos-2.3.11/src/ftdiff.c 2009-04-30 18:07:48.000000000 +0200 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftdiff.c 2010-07-22 18:18:06.000000000 +0200 @@ -1054,11 +1054,11 @@ state->message = state->message0; if ( total > 1 ) - sprintf( state->message0, "%s %d/%d @ %5.1fpt", + sprintf( state->message0, "%.100s %d/%d @ %5.1fpt", state->filename, idx + 1, total, state->char_size ); else - sprintf( state->message0, "%s @ %5.1fpt", + sprintf( state->message0, "%.100s @ %5.1fpt", state->filename, state->char_size ); } --- freetype-2.3.11/ft2demos-2.3.11/src/ftgrid.c 2009-04-30 18:15:21.000000000 +0200 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftgrid.c 2010-07-22 18:18:06.000000000 +0200 @@ -2,7 +2,7 @@ /* */ /* The FreeType project -- a free and portable quality TrueType renderer. */ /* */ -/* Copyright 1996-2000, 2003, 2004, 2005, 2006, 2007, 2009 by */ +/* Copyright 1996-2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010 by */ /* D. Turner, R.Wilhelm, and W. Lemberg */ /* */ /* */ @@ -787,22 +787,22 @@ grid_status_draw_outline( GridStatus switch ( error_code ) { case FT_Err_Ok: - sprintf( status.header_buffer, "%s %s (file `%s')", + sprintf( status.header_buffer, "%.50s %.50s (file `%.100s')", face->family_name, face->style_name, basename ); break; case FT_Err_Invalid_Pixel_Size: - sprintf( status.header_buffer, "Invalid pixel size (file `%s')", + sprintf( status.header_buffer, "Invalid pixel size (file `%.100s')", basename ); break; case FT_Err_Invalid_PPem: - sprintf( status.header_buffer, "Invalid ppem value (file `%s')", + sprintf( status.header_buffer, "Invalid ppem value (file `%.100s')", basename ); break; default: - sprintf( status.header_buffer, "File `%s': error 0x%04x", + sprintf( status.header_buffer, "File `%.100s': error 0x%04x", basename, (FT_UShort)error_code ); break; } --- freetype-2.3.11/ft2demos-2.3.11/src/ftmulti.c 2009-03-14 14:58:28.000000000 +0100 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftmulti.c 2010-07-22 18:18:39.000000000 +0200 @@ -2,7 +2,7 @@ /* */ /* The FreeType project -- a free and portable quality TrueType renderer. */ /* */ -/* Copyright 1996-2000, 2003, 2004, 2005 by */ +/* Copyright 1996-2000, 2003, 2004, 2005, 2010 by */ /* D. Turner, R.Wilhelm, and W. Lemberg */ /* */ /* */ @@ -34,7 +34,7 @@ #define MAXPTSIZE 500 /* dtp */ - char Header[128]; + char Header[256]; char* new_header = 0; const unsigned char* Text = (unsigned char*) @@ -795,7 +795,7 @@ Render_All( Num, ptsize ); } - sprintf( Header, "%s %s (file %s)", + sprintf( Header, "%.50s %.50s (file %.100s)", face->family_name, face->style_name, ft_basename( argv[file] ) ); @@ -830,7 +830,7 @@ } else { - sprintf( Header, "%s: not an MM font file, or could not be opened", + sprintf( Header, "%.100s: not an MM font file, or could not be opened", ft_basename( argv[file] ) ); } --- freetype-2.3.11/ft2demos-2.3.11/src/ftstring.c 2009-03-14 14:58:28.000000000 +0100 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftstring.c 2010-07-22 18:18:06.000000000 +0200 @@ -2,7 +2,7 @@ /* */ /* The FreeType project -- a free and portable quality TrueType renderer. */ /* */ -/* Copyright 1996-2002, 2003, 2004, 2005, 2006, 2007, 2009 by */ +/* Copyright 1996-2002, 2003, 2004, 2005, 2006, 2007, 2009, 2010 by */ /* D. Turner, R.Wilhelm, and W. Lemberg */ /* */ /* */ @@ -413,19 +413,20 @@ switch ( error_code ) { case FT_Err_Ok: - sprintf( status.header_buffer, "%s %s (file `%s')", face->family_name, + sprintf( status.header_buffer, + "%.50s %.50s (file `%.100s')", face->family_name, face->style_name, basename ); break; case FT_Err_Invalid_Pixel_Size: - sprintf( status.header_buffer, "Invalid pixel size (file `%s')", + sprintf( status.header_buffer, "Invalid pixel size (file `%.100s')", basename ); break; case FT_Err_Invalid_PPem: - sprintf( status.header_buffer, "Invalid ppem value (file `%s')", + sprintf( status.header_buffer, "Invalid ppem value (file `%.100s')", basename ); break; default: - sprintf( status.header_buffer, "File `%s': error 0x%04x", basename, + sprintf( status.header_buffer, "File `%.100s': error 0x%04x", basename, (FT_UShort)error_code ); break; } --- freetype-2.3.11/ft2demos-2.3.11/src/ftview.c 2009-04-30 20:08:25.000000000 +0200 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftview.c 2010-07-22 18:18:06.000000000 +0200 @@ -1086,19 +1086,19 @@ switch ( error_code ) { case FT_Err_Ok: - sprintf( status.header_buffer, "%s %s (file `%s')", + sprintf( status.header_buffer, "%.50s %.50s (file `%.100s')", face->family_name, face->style_name, basename ); break; case FT_Err_Invalid_Pixel_Size: - sprintf( status.header_buffer, "Invalid pixel size (file `%s')", + sprintf( status.header_buffer, "Invalid pixel size (file `%.100s')", basename ); break; case FT_Err_Invalid_PPem: - sprintf( status.header_buffer, "Invalid ppem value (file `%s')", + sprintf( status.header_buffer, "Invalid ppem value (file `%.100s')", basename ); break; default: - sprintf( status.header_buffer, "File `%s': error 0x%04x", + sprintf( status.header_buffer, "File `%.100s': error 0x%04x", basename, (FT_UShort)error_code ); break; } freetype-2.3.11-CVE-2010-2541.patch: ftmulti.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2541.patch --- --- freetype-2.3.11/ft2demos-2.3.11/src/ftmulti.c 2010-07-22 19:11:50.000000000 +0200 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftmulti.c 2010-07-22 19:12:41.000000000 +0200 @@ -813,13 +813,13 @@ for ( n = 0; n < (int)multimaster->num_axis; n++ ) { - char temp[32]; + char temp[100]; - sprintf( temp, " %s:%g", + sprintf( temp, " %.50s:%g", multimaster->axis[n].name, - design_pos[n]/65536. ); - strcat( Header, temp ); + design_pos[n] / 65536.0 ); + strncat( Header, temp, sizeof( Header ) - strlen( Header ) - 1 ); } } grWriteCellString( &bit, 0, 16, Header, fore_color ); freetype-2.3.11-CVE-2010-2805.patch: ftstream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- NEW FILE freetype-2.3.11-CVE-2010-2805.patch --- --- freetype-2.3.11/src/base/ftstream.c 2009-08-03 19:51:40.000000000 +0200 +++ freetype-2.3.11/src/base/ftstream.c 2010-09-30 13:46:08.000000000 +0200 @@ -275,7 +275,7 @@ { /* check current and new position */ if ( stream->pos >= stream->size || - stream->pos + count > stream->size ) + stream->size - stream->pos < count ) { FT_ERROR(( "FT_Stream_EnterFrame:" " invalid i/o; pos = 0x%lx, count = %lu, size = 0x%lx\n", freetype-2.3.11-CVE-2010-2806.patch: t42parse.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2806.patch --- --- freetype-2.3.11/src/type42/t42parse.c 2009-07-03 15:28:24.000000000 +0200 +++ freetype-2.3.11/src/type42/t42parse.c 2010-09-23 12:15:56.000000000 +0200 @@ -4,7 +4,7 @@ /* */ /* Type 42 font parser (body). */ /* */ -/* Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */ +/* Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 by */ /* Roberto Alameda. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -575,6 +575,12 @@ } string_size = T1_ToInt( parser ); + if ( string_size < 0 ) + { + FT_ERROR(( "t42_parse_sfnts: invalid string size\n" )); + error = T42_Err_Invalid_File_Format; + goto Fail; + } T1_Skip_PS_Token( parser ); /* `RD' */ if ( parser->root.error ) @@ -582,13 +588,14 @@ string_buf = parser->root.cursor + 1; /* one space after `RD' */ - parser->root.cursor += string_size + 1; - if ( parser->root.cursor >= limit ) + if ( limit - parser->root.cursor < string_size ) { FT_ERROR(( "t42_parse_sfnts: too many binary data\n" )); error = T42_Err_Invalid_File_Format; goto Fail; } + else + parser->root.cursor += string_size + 1; } if ( !string_buf ) freetype-2.3.11-CVE-2010-2808.patch: ftobjs.c | 5 +++++ 1 file changed, 5 insertions(+) --- NEW FILE freetype-2.3.11-CVE-2010-2808.patch --- --- freetype-2.3.11/src/base/ftobjs.c 2010-09-30 13:58:50.000000000 +0200 +++ freetype-2.3.11/src/base/ftobjs.c 2010-09-30 13:59:31.000000000 +0200 @@ -1529,6 +1529,7 @@ FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n", i, offsets[i], rlen, flags )); + /* postpone the check of rlen longer than buffer until FT_Stream_Read() */ if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */ continue; @@ -1568,6 +1569,10 @@ pfb_data[pfb_pos++] = 0; } + error = FT_Err_Cannot_Open_Resource; + if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len ) + goto Exit2; + error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen ); if ( error ) goto Exit2; freetype-2.3.11-CVE-2010-3311.patch: ftstream.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-3311.patch --- --- freetype-2.3.11/src/base/ftstream.c 2010-09-30 14:12:38.000000000 +0200 +++ freetype-2.3.11/src/base/ftstream.c 2010-09-30 14:12:59.000000000 +0200 @@ -59,8 +59,17 @@ { FT_Error error = FT_Err_Ok; + /* note that seeking to the first position after the file is valid */ + if ( pos > stream->size ) + { + FT_ERROR(( "FT_Stream_Seek:" + " invalid i/o; pos = 0x%lx, size = 0x%lx\n", + pos, stream->size )); - if ( stream->read ) + error = FT_Err_Invalid_Stream_Operation; + } + + if ( !error && stream->read ) { if ( stream->read( stream, pos, 0, 0 ) ) { @@ -71,15 +80,6 @@ error = FT_Err_Invalid_Stream_Operation; } } - /* note that seeking to the first position after the file is valid */ - else if ( pos > stream->size ) - { - FT_ERROR(( "FT_Stream_Seek:" - " invalid i/o; pos = 0x%lx, size = 0x%lx\n", - pos, stream->size )); - - error = FT_Err_Invalid_Stream_Operation; - } if ( !error ) stream->pos = pos; Index: freetype-freeworld.spec =================================================================== RCS file: /cvs/free/rpms/freetype-freeworld/F-12/freetype-freeworld.spec,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- freetype-freeworld.spec 16 Dec 2009 23:50:48 -0000 1.7 +++ freetype-freeworld.spec 5 Oct 2010 14:03:18 -0000 1.8 @@ -8,7 +8,7 @@ Summary: A free and portable font rendering engine Name: freetype-freeworld Version: 2.3.11 -Release: 1%{?dist} +Release: 2%{?dist} License: FTL or GPLv2+ Group: System Environment/Libraries URL: http://www.freetype.org @@ -21,6 +21,20 @@ # Enable otvalid and gxvalid modules Patch46: freetype-2.2.1-enable-valid.patch +# Security patches +Patch89: freetype-2.3.11-CVE-2010-2498.patch +Patch90: freetype-2.3.11-CVE-2010-2499.patch +Patch91: freetype-2.3.11-CVE-2010-2500.patch +Patch92: freetype-2.3.11-CVE-2010-2519.patch +Patch93: freetype-2.3.11-CVE-2010-2520.patch +Patch94: freetype-2.3.11-CVE-2010-2527.patch +Patch95: freetype-2.3.11-CVE-2010-2541.patch +Patch96: freetype-2.3.11-CVE-2010-1797.patch +Patch97: freetype-2.3.11-CVE-2010-2805.patch +Patch98: freetype-2.3.11-CVE-2010-2806.patch +Patch99: freetype-2.3.11-CVE-2010-2808.patch +Patch100: freetype-2.3.11-CVE-2010-3311.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n) %if !0%{?without_bytecode_interpreter} @@ -41,24 +55,10 @@ individual glyphs. FreeType is not a font server or a complete text-rendering library. -This version is compiled with the patented bytecode interpreter and subpixel -rendering enabled. It transparently overrides the system library using -ld.so.conf.d. - - -%package devel -Summary: FreeType development libraries and header files -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: zlib-devel -Requires: pkgconfig - -%description devel -The freetype-devel package includes the static libraries and header files -for the FreeType font rendering engine. - -Install freetype-devel if you want to develop programs which will use -FreeType. +This version is compiled with the patented subpixel rendering and the formerly +patented bytecode interpreter (which is still disabled in the stock Fedora +packages for technical reasons) enabled. It transparently overrides the system +library using ld.so.conf.d. %prep @@ -74,6 +74,19 @@ %patch46 -p1 -b .enable-valid +%patch89 -p1 -b .CVE-2010-2498 +%patch90 -p1 -b .CVE-2010-2499 +%patch91 -p1 -b .CVE-2010-2500 +%patch92 -p1 -b .CVE-2010-2519 +%patch93 -p1 -b .CVE-2010-2520 +%patch94 -p1 -b .CVE-2010-2527 +%patch95 -p1 -b .CVE-2010-2541 +%patch96 -p1 -b .CVE-2010-1797 +%patch97 -p1 -b .CVE-2010-2805 +%patch98 -p1 -b .CVE-2010-2806 +%patch99 -p1 -b .CVE-2010-2808 +%patch100 -p1 -b .CVE-2010-3311 + %build %configure --disable-static @@ -122,6 +135,39 @@ %config(noreplace) %{_sysconfdir}/fonts/conf.d/*.conf %changelog +* Tue Oct 05 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-2 +- Update the description to reflect that the bytecode interpreter is no longer + patented (but still disabled in the stock Fedora freetype). +- Add freetype-2.3.11-CVE-2010-2805.patch + (Fix comparison.) +- Add freetype-2.3.11-CVE-2010-2806.patch + (Protect against negative string_size. Fix comparison.) +- Add freetype-2.3.11-CVE-2010-2808.patch + (Check the total length of collected POST segments.) +- Add freetype-2.3.11-CVE-2010-3311.patch + (Don't seek behind end of stream.) +- Resolves: rh#638522 +- Add freetype-2.3.11-CVE-2010-1797.patch + (Check stack after execution of operations too. + Skip the evaluations of the values in decoder, if + cff_decoder_parse_charstrings() returns any error.) +- Resolves: rh#621627 +- Add freetype-2.3.11-CVE-2010-2498.patch + (Assure that `end_point' is not larger than `glyph->num_points') +- Add freetype-2.3.11-CVE-2010-2499.patch + (Check the buffer size during gathering PFB fragments) +- Add freetype-2.3.11-CVE-2010-2500.patch + (Use smaller threshold values for `width' and `height') +- Add freetype-2.3.11-CVE-2010-2519.patch + (Check `rlen' the length of fragment declared in the POST fragment header) +- Add freetype-2.3.11-CVE-2010-2520.patch + (Fix bounds check) +- Add freetype-2.3.11-CVE-2010-2527.patch + (Use precision for `%s' where appropriate to avoid buffer overflows) +- Add freetype-2.3.11-CVE-2010-2541.patch + (Avoid overflow when dealing with names of axes) +- Resolves: rh#613299 + * Wed Dec 16 2009 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-1 - Update to 2.3.11 (matches Fedora freetype, fixes aliasing issue rh#513582) - Drop upstreamed memcpy-fix patch

13 years, 6 months

1
0
0 / 0

by Kevin Kofler

Author: kkofler Update of /cvs/free/rpms/freetype-freeworld/F-13 In directory se02.es.rpmfusion.net:/tmp/cvs-serv9852/F-13 Modified Files: freetype-freeworld.spec Added Files: freetype-2.3.11-CVE-2010-1797.patch freetype-2.3.11-CVE-2010-2498.patch freetype-2.3.11-CVE-2010-2499.patch freetype-2.3.11-CVE-2010-2500.patch freetype-2.3.11-CVE-2010-2519.patch freetype-2.3.11-CVE-2010-2520.patch freetype-2.3.11-CVE-2010-2527.patch freetype-2.3.11-CVE-2010-2541.patch freetype-2.3.11-CVE-2010-2805.patch freetype-2.3.11-CVE-2010-2806.patch freetype-2.3.11-CVE-2010-2808.patch freetype-2.3.11-CVE-2010-3311.patch Log Message: * Tue Oct 05 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-3 - Update the description to reflect that the bytecode interpreter was disabled in Fedora again. - Restore the conditionals (for the above reason). - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.) - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.) - Resolves: rh#638522 - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.) - Resolves: rh#621627 - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points') - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments) - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height') - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header) - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check) - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows) - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes) - Resolves: rh#613299 freetype-2.3.11-CVE-2010-1797.patch: cffgload.c | 73 ++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 41 insertions(+), 32 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-1797.patch --- --- freetype-2.3.11/src/cff/cffgload.c 2009-09-10 17:52:21.000000000 +0200 +++ freetype-2.3.11/src/cff/cffgload.c 2010-08-11 13:39:32.000000000 +0200 @@ -2358,8 +2358,11 @@ return CFF_Err_Unimplemented_Feature; } - decoder->top = args; + decoder->top = args; + if ( decoder->top - stack >= CFF_MAX_OPERANDS ) + goto Stack_Overflow; + } /* general operator processing */ } /* while ip < limit */ @@ -2627,48 +2630,54 @@ /* now load the unscaled outline */ error = cff_get_glyph_data( face, glyph_index, &charstring, &charstring_len ); - if ( !error ) - { - error = cff_decoder_prepare( &decoder, size, glyph_index ); - if ( !error ) - { - error = cff_decoder_parse_charstrings( &decoder, - charstring, - charstring_len ); + if ( error ) + goto Glyph_Build_Finished; + + error = cff_decoder_prepare( &decoder, size, glyph_index ); + if ( error ) + goto Glyph_Build_Finished; - cff_free_glyph_data( face, &charstring, charstring_len ); + error = cff_decoder_parse_charstrings( &decoder, + charstring, + charstring_len ); + + cff_free_glyph_data( face, &charstring, charstring_len ); + + if ( error ) + goto Glyph_Build_Finished; #ifdef FT_CONFIG_OPTION_INCREMENTAL - /* Control data and length may not be available for incremental */ - /* fonts. */ - if ( face->root.internal->incremental_interface ) - { - glyph->root.control_data = 0; - glyph->root.control_len = 0; - } - else + /* Control data and length may not be available for incremental */ + /* fonts. */ + if ( face->root.internal->incremental_interface ) + { + glyph->root.control_data = 0; + glyph->root.control_len = 0; + } + else #endif /* FT_CONFIG_OPTION_INCREMENTAL */ - /* We set control_data and control_len if charstrings is loaded. */ - /* See how charstring loads at cff_index_access_element() in */ - /* cffload.c. */ - { - CFF_Index csindex = &cff->charstrings_index; + /* We set control_data and control_len if charstrings is loaded. */ + /* See how charstring loads at cff_index_access_element() in */ + /* cffload.c. */ + { + CFF_Index csindex = &cff->charstrings_index; - if ( csindex->offsets ) - { - glyph->root.control_data = csindex->bytes + - csindex->offsets[glyph_index] - 1; - glyph->root.control_len = charstring_len; - } - } + if ( csindex->offsets ) + { + glyph->root.control_data = csindex->bytes + + csindex->offsets[glyph_index] - 1; + glyph->root.control_len = charstring_len; } } - /* save new glyph tables */ - cff_builder_done( &decoder.builder ); + Glyph_Build_Finished: + /* save new glyph tables, if no error */ + if ( !error ) + cff_builder_done( &decoder.builder ); + /* XXX: anything to do for broken glyph entry? */ } #ifdef FT_CONFIG_OPTION_INCREMENTAL freetype-2.3.11-CVE-2010-2498.patch: pshalgo.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2498.patch --- --- freetype-2.3.11/src/pshinter/pshalgo.c 2009-07-03 15:28:24.000000000 +0200 +++ freetype-2.3.11/src/pshinter/pshalgo.c 2010-07-13 13:14:22.000000000 +0200 @@ -4,7 +4,8 @@ /* */ /* PostScript hinting algorithm (body). */ /* */ -/* Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */ +/* Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 */ +/* by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used */ @@ -1690,7 +1691,10 @@ /* process secondary hints to `selected' points */ if ( num_masks > 1 && glyph->num_points > 0 ) { - first = mask->end_point; + /* the `endchar' op can reduce the number of points */ + first = mask->end_point > glyph->num_points + ? glyph->num_points + : mask->end_point; mask++; for ( ; num_masks > 1; num_masks--, mask++ ) { @@ -1698,7 +1702,9 @@ FT_Int count; - next = mask->end_point; + next = mask->end_point > glyph->num_points + ? glyph->num_points + : mask->end_point; count = next - first; if ( count > 0 ) { freetype-2.3.11-CVE-2010-2499.patch: ftobjs.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- NEW FILE freetype-2.3.11-CVE-2010-2499.patch --- --- freetype-2.3.11/src/base/ftobjs.c 2009-09-02 08:42:41.000000000 +0200 +++ freetype-2.3.11/src/base/ftobjs.c 2010-07-12 16:39:13.000000000 +0200 @@ -1531,6 +1531,8 @@ len += rlen; else { + if ( pfb_lenpos + 3 > pfb_len + 2 ) + goto Exit2; pfb_data[pfb_lenpos ] = (FT_Byte)( len ); pfb_data[pfb_lenpos + 1] = (FT_Byte)( len >> 8 ); pfb_data[pfb_lenpos + 2] = (FT_Byte)( len >> 16 ); @@ -1539,6 +1541,8 @@ if ( ( flags >> 8 ) == 5 ) /* End of font mark */ break; + if ( pfb_pos + 6 > pfb_len + 2 ) + goto Exit2; pfb_data[pfb_pos++] = 0x80; type = flags >> 8; @@ -1553,12 +1557,18 @@ } error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen ); + if ( error ) + goto Exit2; pfb_pos += rlen; } + if ( pfb_pos + 2 > pfb_len + 2 ) + goto Exit2; pfb_data[pfb_pos++] = 0x80; pfb_data[pfb_pos++] = 3; + if ( pfb_lenpos + 3 > pfb_len + 2 ) + goto Exit2; pfb_data[pfb_lenpos ] = (FT_Byte)( len ); pfb_data[pfb_lenpos + 1] = (FT_Byte)( len >> 8 ); pfb_data[pfb_lenpos + 2] = (FT_Byte)( len >> 16 ); freetype-2.3.11-CVE-2010-2500.patch: ftgrays.c | 2 +- ftsmooth.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2500.patch --- --- freetype-2.3.11/src/smooth/ftgrays.c 2009-07-31 18:45:19.000000000 +0200 +++ freetype-2.3.11/src/smooth/ftgrays.c 2010-07-13 10:26:58.000000000 +0200 @@ -1189,7 +1189,7 @@ /* first of all, compute the scanline offset */ p = (unsigned char*)map->buffer - y * map->pitch; if ( map->pitch >= 0 ) - p += ( map->rows - 1 ) * map->pitch; + p += (unsigned)( ( map->rows - 1 ) * map->pitch ); for ( ; count > 0; count--, spans++ ) { --- freetype-2.3.11/src/smooth/ftsmooth.c 2009-07-31 18:45:19.000000000 +0200 +++ freetype-2.3.11/src/smooth/ftsmooth.c 2010-07-13 10:26:58.000000000 +0200 @@ -4,7 +4,7 @@ /* */ /* Anti-aliasing renderer interface (body). */ /* */ -/* Copyright 2000-2001, 2002, 2003, 2004, 2005, 2006, 2009 by */ +/* Copyright 2000-2001, 2002, 2003, 2004, 2005, 2006, 2009, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -200,7 +200,7 @@ /* Required check is ( pitch * height < FT_ULONG_MAX ), */ /* but we care realistic cases only. Always pitch <= width. */ - if ( width > 0xFFFFU || height > 0xFFFFU ) + if ( width > 0x7FFFU || height > 0x7FFFU ) { FT_ERROR(( "ft_smooth_render_generic: glyph too large: %d x %d\n", width, height )); freetype-2.3.11-CVE-2010-2519.patch: ftobjs.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) --- NEW FILE freetype-2.3.11-CVE-2010-2519.patch --- --- freetype-2.3.11/src/base/ftobjs.c 2010-07-12 17:03:47.000000000 +0200 +++ freetype-2.3.11/src/base/ftobjs.c 2010-07-12 17:07:06.000000000 +0200 @@ -1526,7 +1526,19 @@ goto Exit; if ( FT_READ_USHORT( flags ) ) goto Exit; - rlen -= 2; /* the flags are part of the resource */ + FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n", + i, offsets[i], rlen, flags )); + + if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */ + continue; + + /* the flags are part of the resource, so rlen >= 2. */ + /* but some fonts declare rlen = 0 for empty fragment */ + if ( rlen > 2 ) + rlen -= 2; + else + rlen = 0; + if ( ( flags >> 8 ) == type ) len += rlen; else freetype-2.3.11-CVE-2010-2520.patch: ttinterp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2520.patch --- --- freetype-2.3.11/src/truetype/ttinterp.c 2009-07-31 18:45:19.000000000 +0200 +++ freetype-2.3.11/src/truetype/ttinterp.c 2010-07-15 14:44:23.000000000 +0200 @@ -6466,8 +6466,8 @@ end_point = CUR.pts.contours[contour] - CUR.pts.first_point; first_point = point; - if ( CUR.pts.n_points <= end_point ) - end_point = CUR.pts.n_points; + if ( BOUNDS ( end_point, CUR.pts.n_points ) ) + end_point = CUR.pts.n_points - 1; while ( point <= end_point && ( CUR.pts.tags[point] & mask ) == 0 ) point++; freetype-2.3.11-CVE-2010-2527.patch: ftdiff.c | 4 ++-- ftgrid.c | 10 +++++----- ftmulti.c | 8 ++++---- ftstring.c | 11 ++++++----- ftview.c | 8 ++++---- 5 files changed, 21 insertions(+), 20 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2527.patch --- --- freetype-2.3.11/ft2demos-2.3.11/src/ftdiff.c 2009-04-30 18:07:48.000000000 +0200 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftdiff.c 2010-07-22 18:18:06.000000000 +0200 @@ -1054,11 +1054,11 @@ state->message = state->message0; if ( total > 1 ) - sprintf( state->message0, "%s %d/%d @ %5.1fpt", + sprintf( state->message0, "%.100s %d/%d @ %5.1fpt", state->filename, idx + 1, total, state->char_size ); else - sprintf( state->message0, "%s @ %5.1fpt", + sprintf( state->message0, "%.100s @ %5.1fpt", state->filename, state->char_size ); } --- freetype-2.3.11/ft2demos-2.3.11/src/ftgrid.c 2009-04-30 18:15:21.000000000 +0200 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftgrid.c 2010-07-22 18:18:06.000000000 +0200 @@ -2,7 +2,7 @@ /* */ /* The FreeType project -- a free and portable quality TrueType renderer. */ /* */ -/* Copyright 1996-2000, 2003, 2004, 2005, 2006, 2007, 2009 by */ +/* Copyright 1996-2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010 by */ /* D. Turner, R.Wilhelm, and W. Lemberg */ /* */ /* */ @@ -787,22 +787,22 @@ grid_status_draw_outline( GridStatus switch ( error_code ) { case FT_Err_Ok: - sprintf( status.header_buffer, "%s %s (file `%s')", + sprintf( status.header_buffer, "%.50s %.50s (file `%.100s')", face->family_name, face->style_name, basename ); break; case FT_Err_Invalid_Pixel_Size: - sprintf( status.header_buffer, "Invalid pixel size (file `%s')", + sprintf( status.header_buffer, "Invalid pixel size (file `%.100s')", basename ); break; case FT_Err_Invalid_PPem: - sprintf( status.header_buffer, "Invalid ppem value (file `%s')", + sprintf( status.header_buffer, "Invalid ppem value (file `%.100s')", basename ); break; default: - sprintf( status.header_buffer, "File `%s': error 0x%04x", + sprintf( status.header_buffer, "File `%.100s': error 0x%04x", basename, (FT_UShort)error_code ); break; } --- freetype-2.3.11/ft2demos-2.3.11/src/ftmulti.c 2009-03-14 14:58:28.000000000 +0100 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftmulti.c 2010-07-22 18:18:39.000000000 +0200 @@ -2,7 +2,7 @@ /* */ /* The FreeType project -- a free and portable quality TrueType renderer. */ /* */ -/* Copyright 1996-2000, 2003, 2004, 2005 by */ +/* Copyright 1996-2000, 2003, 2004, 2005, 2010 by */ /* D. Turner, R.Wilhelm, and W. Lemberg */ /* */ /* */ @@ -34,7 +34,7 @@ #define MAXPTSIZE 500 /* dtp */ - char Header[128]; + char Header[256]; char* new_header = 0; const unsigned char* Text = (unsigned char*) @@ -795,7 +795,7 @@ Render_All( Num, ptsize ); } - sprintf( Header, "%s %s (file %s)", + sprintf( Header, "%.50s %.50s (file %.100s)", face->family_name, face->style_name, ft_basename( argv[file] ) ); @@ -830,7 +830,7 @@ } else { - sprintf( Header, "%s: not an MM font file, or could not be opened", + sprintf( Header, "%.100s: not an MM font file, or could not be opened", ft_basename( argv[file] ) ); } --- freetype-2.3.11/ft2demos-2.3.11/src/ftstring.c 2009-03-14 14:58:28.000000000 +0100 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftstring.c 2010-07-22 18:18:06.000000000 +0200 @@ -2,7 +2,7 @@ /* */ /* The FreeType project -- a free and portable quality TrueType renderer. */ /* */ -/* Copyright 1996-2002, 2003, 2004, 2005, 2006, 2007, 2009 by */ +/* Copyright 1996-2002, 2003, 2004, 2005, 2006, 2007, 2009, 2010 by */ /* D. Turner, R.Wilhelm, and W. Lemberg */ /* */ /* */ @@ -413,19 +413,20 @@ switch ( error_code ) { case FT_Err_Ok: - sprintf( status.header_buffer, "%s %s (file `%s')", face->family_name, + sprintf( status.header_buffer, + "%.50s %.50s (file `%.100s')", face->family_name, face->style_name, basename ); break; case FT_Err_Invalid_Pixel_Size: - sprintf( status.header_buffer, "Invalid pixel size (file `%s')", + sprintf( status.header_buffer, "Invalid pixel size (file `%.100s')", basename ); break; case FT_Err_Invalid_PPem: - sprintf( status.header_buffer, "Invalid ppem value (file `%s')", + sprintf( status.header_buffer, "Invalid ppem value (file `%.100s')", basename ); break; default: - sprintf( status.header_buffer, "File `%s': error 0x%04x", basename, + sprintf( status.header_buffer, "File `%.100s': error 0x%04x", basename, (FT_UShort)error_code ); break; } --- freetype-2.3.11/ft2demos-2.3.11/src/ftview.c 2009-04-30 20:08:25.000000000 +0200 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftview.c 2010-07-22 18:18:06.000000000 +0200 @@ -1086,19 +1086,19 @@ switch ( error_code ) { case FT_Err_Ok: - sprintf( status.header_buffer, "%s %s (file `%s')", + sprintf( status.header_buffer, "%.50s %.50s (file `%.100s')", face->family_name, face->style_name, basename ); break; case FT_Err_Invalid_Pixel_Size: - sprintf( status.header_buffer, "Invalid pixel size (file `%s')", + sprintf( status.header_buffer, "Invalid pixel size (file `%.100s')", basename ); break; case FT_Err_Invalid_PPem: - sprintf( status.header_buffer, "Invalid ppem value (file `%s')", + sprintf( status.header_buffer, "Invalid ppem value (file `%.100s')", basename ); break; default: - sprintf( status.header_buffer, "File `%s': error 0x%04x", + sprintf( status.header_buffer, "File `%.100s': error 0x%04x", basename, (FT_UShort)error_code ); break; } freetype-2.3.11-CVE-2010-2541.patch: ftmulti.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2541.patch --- --- freetype-2.3.11/ft2demos-2.3.11/src/ftmulti.c 2010-07-22 19:11:50.000000000 +0200 +++ freetype-2.3.11/ft2demos-2.3.11/src/ftmulti.c 2010-07-22 19:12:41.000000000 +0200 @@ -813,13 +813,13 @@ for ( n = 0; n < (int)multimaster->num_axis; n++ ) { - char temp[32]; + char temp[100]; - sprintf( temp, " %s:%g", + sprintf( temp, " %.50s:%g", multimaster->axis[n].name, - design_pos[n]/65536. ); - strcat( Header, temp ); + design_pos[n] / 65536.0 ); + strncat( Header, temp, sizeof( Header ) - strlen( Header ) - 1 ); } } grWriteCellString( &bit, 0, 16, Header, fore_color ); freetype-2.3.11-CVE-2010-2805.patch: ftstream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- NEW FILE freetype-2.3.11-CVE-2010-2805.patch --- --- freetype-2.3.11/src/base/ftstream.c 2009-08-03 19:51:40.000000000 +0200 +++ freetype-2.3.11/src/base/ftstream.c 2010-09-30 13:46:08.000000000 +0200 @@ -275,7 +275,7 @@ { /* check current and new position */ if ( stream->pos >= stream->size || - stream->pos + count > stream->size ) + stream->size - stream->pos < count ) { FT_ERROR(( "FT_Stream_EnterFrame:" " invalid i/o; pos = 0x%lx, count = %lu, size = 0x%lx\n", freetype-2.3.11-CVE-2010-2806.patch: t42parse.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-2806.patch --- --- freetype-2.3.11/src/type42/t42parse.c 2009-07-03 15:28:24.000000000 +0200 +++ freetype-2.3.11/src/type42/t42parse.c 2010-09-23 12:15:56.000000000 +0200 @@ -4,7 +4,7 @@ /* */ /* Type 42 font parser (body). */ /* */ -/* Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */ +/* Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 by */ /* Roberto Alameda. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -575,6 +575,12 @@ } string_size = T1_ToInt( parser ); + if ( string_size < 0 ) + { + FT_ERROR(( "t42_parse_sfnts: invalid string size\n" )); + error = T42_Err_Invalid_File_Format; + goto Fail; + } T1_Skip_PS_Token( parser ); /* `RD' */ if ( parser->root.error ) @@ -582,13 +588,14 @@ string_buf = parser->root.cursor + 1; /* one space after `RD' */ - parser->root.cursor += string_size + 1; - if ( parser->root.cursor >= limit ) + if ( limit - parser->root.cursor < string_size ) { FT_ERROR(( "t42_parse_sfnts: too many binary data\n" )); error = T42_Err_Invalid_File_Format; goto Fail; } + else + parser->root.cursor += string_size + 1; } if ( !string_buf ) freetype-2.3.11-CVE-2010-2808.patch: ftobjs.c | 5 +++++ 1 file changed, 5 insertions(+) --- NEW FILE freetype-2.3.11-CVE-2010-2808.patch --- --- freetype-2.3.11/src/base/ftobjs.c 2010-09-30 13:58:50.000000000 +0200 +++ freetype-2.3.11/src/base/ftobjs.c 2010-09-30 13:59:31.000000000 +0200 @@ -1529,6 +1529,7 @@ FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n", i, offsets[i], rlen, flags )); + /* postpone the check of rlen longer than buffer until FT_Stream_Read() */ if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */ continue; @@ -1568,6 +1569,10 @@ pfb_data[pfb_pos++] = 0; } + error = FT_Err_Cannot_Open_Resource; + if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len ) + goto Exit2; + error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen ); if ( error ) goto Exit2; freetype-2.3.11-CVE-2010-3311.patch: ftstream.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) --- NEW FILE freetype-2.3.11-CVE-2010-3311.patch --- --- freetype-2.3.11/src/base/ftstream.c 2010-09-30 14:12:38.000000000 +0200 +++ freetype-2.3.11/src/base/ftstream.c 2010-09-30 14:12:59.000000000 +0200 @@ -59,8 +59,17 @@ { FT_Error error = FT_Err_Ok; + /* note that seeking to the first position after the file is valid */ + if ( pos > stream->size ) + { + FT_ERROR(( "FT_Stream_Seek:" + " invalid i/o; pos = 0x%lx, size = 0x%lx\n", + pos, stream->size )); - if ( stream->read ) + error = FT_Err_Invalid_Stream_Operation; + } + + if ( !error && stream->read ) { if ( stream->read( stream, pos, 0, 0 ) ) { @@ -71,15 +80,6 @@ error = FT_Err_Invalid_Stream_Operation; } } - /* note that seeking to the first position after the file is valid */ - else if ( pos > stream->size ) - { - FT_ERROR(( "FT_Stream_Seek:" - " invalid i/o; pos = 0x%lx, size = 0x%lx\n", - pos, stream->size )); - - error = FT_Err_Invalid_Stream_Operation; - } if ( !error ) stream->pos = pos; Index: freetype-freeworld.spec =================================================================== RCS file: /cvs/free/rpms/freetype-freeworld/F-13/freetype-freeworld.spec,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- freetype-freeworld.spec 16 Dec 2009 23:57:35 -0000 1.8 +++ freetype-freeworld.spec 5 Oct 2010 14:02:51 -0000 1.9 @@ -1,9 +1,14 @@ +# Enable patented bytecode interpreter and patented subpixel rendering. +# Setting to 1 disables them. +%define without_bytecode_interpreter 0 +%define without_subpixel_rendering 0 + %{!?with_xfree86:%define with_xfree86 1} Summary: A free and portable font rendering engine Name: freetype-freeworld Version: 2.3.11 -Release: 2%{?dist} +Release: 3%{?dist} License: FTL or GPLv2+ Group: System Environment/Libraries URL: http://www.freetype.org @@ -15,10 +20,28 @@ # Enable otvalid and gxvalid modules Patch46: freetype-2.2.1-enable-valid.patch +# Security patches +Patch89: freetype-2.3.11-CVE-2010-2498.patch +Patch90: freetype-2.3.11-CVE-2010-2499.patch +Patch91: freetype-2.3.11-CVE-2010-2500.patch +Patch92: freetype-2.3.11-CVE-2010-2519.patch +Patch93: freetype-2.3.11-CVE-2010-2520.patch +Patch94: freetype-2.3.11-CVE-2010-2527.patch +Patch95: freetype-2.3.11-CVE-2010-2541.patch +Patch96: freetype-2.3.11-CVE-2010-1797.patch +Patch97: freetype-2.3.11-CVE-2010-2805.patch +Patch98: freetype-2.3.11-CVE-2010-2806.patch +Patch99: freetype-2.3.11-CVE-2010-2808.patch +Patch100: freetype-2.3.11-CVE-2010-3311.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n) +%if !0%{?without_bytecode_interpreter} Provides: freetype-bytecode +%endif +%if !0%{?without_subpixel_rendering} Provides: freetype-subpixel +%endif Requires: /etc/ld.so.conf.d BuildRequires: libX11-devel @@ -31,18 +54,38 @@ individual glyphs. FreeType is not a font server or a complete text-rendering library. -This version is compiled with the patented subpixel rendering enabled. It -transparently overrides the system library using ld.so.conf.d. +This version is compiled with the patented subpixel rendering and the formerly +patented bytecode interpreter (which is still disabled in the stock Fedora +packages for technical reasons) enabled. It transparently overrides the system +library using ld.so.conf.d. %prep %setup -q -n freetype-%{version} +%if ! %{without_bytecode_interpreter} %patch20 -p1 -b .enable-ft2-bci +%endif + +%if ! %{without_subpixel_rendering} %patch21 -p1 -b .enable-spr +%endif %patch46 -p1 -b .enable-valid +%patch89 -p1 -b .CVE-2010-2498 +%patch90 -p1 -b .CVE-2010-2499 +%patch91 -p1 -b .CVE-2010-2500 +%patch92 -p1 -b .CVE-2010-2519 +%patch93 -p1 -b .CVE-2010-2520 +%patch94 -p1 -b .CVE-2010-2527 +%patch95 -p1 -b .CVE-2010-2541 +%patch96 -p1 -b .CVE-2010-1797 +%patch97 -p1 -b .CVE-2010-2805 +%patch98 -p1 -b .CVE-2010-2806 +%patch99 -p1 -b .CVE-2010-2808 +%patch100 -p1 -b .CVE-2010-3311 + %build %configure --disable-static @@ -86,6 +129,40 @@ %config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf %changelog +* Tue Oct 05 2010 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-3 +- Update the description to reflect that the bytecode interpreter was disabled + in Fedora again. +- Restore the conditionals (for the above reason). +- Add freetype-2.3.11-CVE-2010-2805.patch + (Fix comparison.) +- Add freetype-2.3.11-CVE-2010-2806.patch + (Protect against negative string_size. Fix comparison.) +- Add freetype-2.3.11-CVE-2010-2808.patch + (Check the total length of collected POST segments.) +- Add freetype-2.3.11-CVE-2010-3311.patch + (Don't seek behind end of stream.) +- Resolves: rh#638522 +- Add freetype-2.3.11-CVE-2010-1797.patch + (Check stack after execution of operations too. + Skip the evaluations of the values in decoder, if + cff_decoder_parse_charstrings() returns any error.) +- Resolves: rh#621627 +- Add freetype-2.3.11-CVE-2010-2498.patch + (Assure that `end_point' is not larger than `glyph->num_points') +- Add freetype-2.3.11-CVE-2010-2499.patch + (Check the buffer size during gathering PFB fragments) +- Add freetype-2.3.11-CVE-2010-2500.patch + (Use smaller threshold values for `width' and `height') +- Add freetype-2.3.11-CVE-2010-2519.patch + (Check `rlen' the length of fragment declared in the POST fragment header) +- Add freetype-2.3.11-CVE-2010-2520.patch + (Fix bounds check) +- Add freetype-2.3.11-CVE-2010-2527.patch + (Use precision for `%s' where appropriate to avoid buffer overflows) +- Add freetype-2.3.11-CVE-2010-2541.patch + (Avoid overflow when dealing with names of axes) +- Resolves: rh#613299 + * Wed Dec 16 2009 Kevin Kofler <Kevin(a)tigcc.ticalc.org> 2.3.11-2 - Drop conditionals, always build the bytecode interpreter (now also in Fedora) and subpixel rendering (as that's the only reason to build freetype-freeworld

13 years, 6 months

1
0
0 / 0

rpms/open-vm-tools/F-13 .cvsignore,1.16,1.17

by Denis Leroy

Author: denis Update of /cvs/free/rpms/open-vm-tools/F-13 In directory se02.es.rpmfusion.net:/tmp/cvs-serv26536 Modified Files: .cvsignore Log Message: Fixing .cvsignore Index: .cvsignore =================================================================== RCS file: /cvs/free/rpms/open-vm-tools/F-13/.cvsignore,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- .cvsignore 8 Apr 2010 06:40:56 -0000 1.16 +++ .cvsignore 5 Oct 2010 09:57:24 -0000 1.17 @@ -1 +1 @@ -open-vm-tools-2010.03.20-243334.tar.gz +open-vm-tools-2010.04.25-253928.tar.gz

13 years, 6 months

1
0
0 / 0

rpms/open-vm-tools-kmod/F-13 .cvsignore, 1.16, 1.17 open-vm-tools-kmod.spec, 1.65, 1.66 sources, 1.16, 1.17

by Denis Leroy

Author: denis Update of /cvs/free/rpms/open-vm-tools-kmod/F-13 In directory se02.es.rpmfusion.net:/tmp/cvs-serv26329 Modified Files: .cvsignore open-vm-tools-kmod.spec sources Log Message: Update to build 253928. Removed pvscsi module, upstream since 2.6.33 Index: .cvsignore =================================================================== RCS file: /cvs/free/rpms/open-vm-tools-kmod/F-13/.cvsignore,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- .cvsignore 8 Apr 2010 06:45:05 -0000 1.16 +++ .cvsignore 5 Oct 2010 09:54:31 -0000 1.17 @@ -1 +1 @@ -open-vm-tools-2010.03.20-243334.tar.gz +open-vm-tools-2010.04.25-253928.tar.gz Index: open-vm-tools-kmod.spec =================================================================== RCS file: /cvs/free/rpms/open-vm-tools-kmod/F-13/open-vm-tools-kmod.spec,v retrieving revision 1.65 retrieving revision 1.66 diff -u -r1.65 -r1.66 --- open-vm-tools-kmod.spec 19 Sep 2010 07:30:37 -0000 1.65 +++ open-vm-tools-kmod.spec 5 Oct 2010 09:54:31 -0000 1.66 @@ -7,13 +7,13 @@ %define buildforkernels newest %define tname open-vm-tools -%define builddate 2010.03.20 -%define buildver 243334 -%define ovtmodules vmblock vmci vmhgfs vmmemctl vmsync vmxnet vsock pvscsi +%define builddate 2010.04.25 +%define buildver 253928 +%define ovtmodules vmblock vmci vmhgfs vmmemctl vmsync vmxnet vsock Name: open-vm-tools-kmod Version: 0.0.0.%{buildver} -Release: 1%{?dist}.17 +Release: 1%{?dist} Summary: VMware Tools Kernel Modules Group: System Environment/Kernel License: GPLv2 @@ -23,7 +23,7 @@ BuildRoot: %{_tmppath}/%{name}-%{builddate}-%{release}-root-%(%{__id_u} -n) # VMWare only supports x86 architectures. -ExclusiveArch: i686 x86_64 +ExclusiveArch: %{ix86} x86_64 # get the needed BuildRequires (in parts depending on what we build for) BuildRequires: %{_bindir}/kmodtool @@ -76,6 +76,10 @@ %changelog +* Tue Oct 5 2010 Denis Leroy <denis(a)poolshark.org> - 0.0.0.253928-1 +- Update to build 253928 +- Removed pvscsi module, upstream since 2.6.33 + * Sun Sep 19 2010 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> - 0.0.0.243334-1.17 - rebuild for new kernel Index: sources =================================================================== RCS file: /cvs/free/rpms/open-vm-tools-kmod/F-13/sources,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- sources 8 Apr 2010 06:45:05 -0000 1.16 +++ sources 5 Oct 2010 09:54:31 -0000 1.17 @@ -1 +1 @@ -c7c12081a718b341c70463ac4b3509a2 open-vm-tools-2010.03.20-243334.tar.gz +da0ed15d29f4a1f6eca21e8aeeabb476 open-vm-tools-2010.04.25-253928.tar.gz

13 years, 6 months

1
0
0 / 0

rpms/open-vm-tools/F-13 open-vm-tools-guestd.init,1.3,1.4

by Denis Leroy

Author: denis Update of /cvs/free/rpms/open-vm-tools/F-13 In directory se02.es.rpmfusion.net:/tmp/cvs-serv25897 Modified Files: open-vm-tools-guestd.init Log Message: Make loading of vmmemctl module conditional on absence of vmware_balloon, since F-13 spans both 2.6.33 and 2.6.34 kernels Index: open-vm-tools-guestd.init =================================================================== RCS file: /cvs/free/rpms/open-vm-tools/F-13/open-vm-tools-guestd.init,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- open-vm-tools-guestd.init 20 Mar 2010 13:54:14 -0000 1.3 +++ open-vm-tools-guestd.init 5 Oct 2010 09:52:42 -0000 1.4 @@ -21,13 +21,19 @@ OPTIONS="-b $PID_FILE" DND_DIR="/tmp/VMwareDnD" +has_balloon() +{ + bminfo=`/sbin/modinfo vmware_balloon > /dev/null 2>&1` + return $? +} + setup_modules() { [ ! -d "$DND_DIR" ] && mkdir -m 1777 $DND_DIR modprobe vmsync modprobe vmci modprobe vsock - modprobe vmmemctl + has_balloon || modprobe vmmemctl modprobe vmhgfs modprobe vmblock sleep 1

13 years, 6 months

1
0
0 / 0

rpms/open-vm-tools/F-13 open-vm-tools.spec, 1.20, 1.21 sources, 1.16, 1.17

by Denis Leroy

Author: denis Update of /cvs/free/rpms/open-vm-tools/F-13 In directory se02.es.rpmfusion.net:/tmp/cvs-serv25361 Modified Files: open-vm-tools.spec sources Log Message: Update to build 253928. Some files section updates Index: open-vm-tools.spec =================================================================== RCS file: /cvs/free/rpms/open-vm-tools/F-13/open-vm-tools.spec,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- open-vm-tools.spec 8 Apr 2010 06:40:56 -0000 1.20 +++ open-vm-tools.spec 5 Oct 2010 09:45:10 -0000 1.21 @@ -1,5 +1,5 @@ -%define builddate 2010.03.20 -%define buildver 243334 +%define builddate 2010.04.25 +%define buildver 253928 Name: open-vm-tools Version: 0.0.0.%{buildver} @@ -16,7 +16,7 @@ Patch0: open-vm-tools-243334-ldl.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -ExclusiveArch: i686 x86_64 +ExclusiveArch: %{ix86} x86_64 BuildRequires: gtk2-devel BuildRequires: gtkmm24-devel @@ -164,6 +164,7 @@ %{_datadir}/applications/*.desktop %{_sysconfdir}/xdg/autostart/*.desktop %{_datadir}/pixmaps/*.xpm +%{_datadir}/open-vm-tools %{_sysconfdir}/init.d/* %{_sysconfdir}/vmware-tools %config(noreplace) %{_sysconfdir}/pam.d/* @@ -186,6 +187,10 @@ %changelog +* Tue Oct 5 2010 Denis Leroy <denis(a)poolshark.org> - 0.0.0.253928-1 +- Update to build 253928 +- Some files section updates + * Wed Apr 7 2010 Denis Leroy <denis(a)poolshark.org> - 0.0.0.243334-1 - Update to build 243334 - Added patch to fix missing -ldl link with vmware-user Index: sources =================================================================== RCS file: /cvs/free/rpms/open-vm-tools/F-13/sources,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- sources 8 Apr 2010 06:40:56 -0000 1.16 +++ sources 5 Oct 2010 09:45:10 -0000 1.17 @@ -1 +1 @@ -c7c12081a718b341c70463ac4b3509a2 open-vm-tools-2010.03.20-243334.tar.gz +da0ed15d29f4a1f6eca21e8aeeabb476 open-vm-tools-2010.04.25-253928.tar.gz

13 years, 6 months

1
0
0 / 0

rpms/open-vm-tools-kmod/devel .cvsignore, 1.16, 1.17 open-vm-tools-kmod.spec, 1.48, 1.49 sources, 1.16, 1.17

by Denis Leroy

Author: denis Update of /cvs/free/rpms/open-vm-tools-kmod/devel In directory se02.es.rpmfusion.net:/tmp/cvs-serv19482 Modified Files: .cvsignore open-vm-tools-kmod.spec sources Log Message: - Update to build 301124 - vmemctl and pvscsi are upstreamed as of kernel 2.6.34 Index: .cvsignore =================================================================== RCS file: /cvs/free/rpms/open-vm-tools-kmod/devel/.cvsignore,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- .cvsignore 9 Apr 2010 06:14:32 -0000 1.16 +++ .cvsignore 5 Oct 2010 08:16:22 -0000 1.17 @@ -1 +1 @@ -open-vm-tools-2010.03.20-243334.tar.gz +open-vm-tools-2010.09.19-301124.tar.gz Index: open-vm-tools-kmod.spec =================================================================== RCS file: /cvs/free/rpms/open-vm-tools-kmod/devel/open-vm-tools-kmod.spec,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- open-vm-tools-kmod.spec 9 Apr 2010 06:14:32 -0000 1.48 +++ open-vm-tools-kmod.spec 5 Oct 2010 08:16:22 -0000 1.49 @@ -7,9 +7,9 @@ #define buildforkernels newest %define tname open-vm-tools -%define builddate 2010.03.20 -%define buildver 243334 -%define ovtmodules vmblock vmci vmhgfs vmmemctl vmsync vmxnet vsock pvscsi +%define builddate 2010.09.19 +%define buildver 301124 +%define ovtmodules vmblock vmci vmhgfs vmsync vmxnet vsock Name: open-vm-tools-kmod Version: 0.0.0.%{buildver} @@ -23,7 +23,7 @@ BuildRoot: %{_tmppath}/%{name}-%{builddate}-%{release}-root-%(%{__id_u} -n) # VMWare only supports x86 architectures. -ExclusiveArch: i686 x86_64 +ExclusiveArch: %{ix86} x86_64 # get the needed BuildRequires (in parts depending on what we build for) BuildRequires: %{_bindir}/kmodtool @@ -76,6 +76,10 @@ %changelog +* Tue Oct 5 2010 Denis Leroy <denis(a)poolshark.org> - 0.0.0.301124-1 +- Update to build 301124 +- vmemctl and pvscsi are upstreamed as of kernel 2.6.34 + * Thu Apr 8 2010 Denis Leroy <denis(a)poolshark.org> - 0.0.0.243334-1 - Update to upstream build 243334 Index: sources =================================================================== RCS file: /cvs/free/rpms/open-vm-tools-kmod/devel/sources,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- sources 9 Apr 2010 06:14:32 -0000 1.16 +++ sources 5 Oct 2010 08:16:22 -0000 1.17 @@ -1 +1 @@ -c7c12081a718b341c70463ac4b3509a2 open-vm-tools-2010.03.20-243334.tar.gz +e38bf6baeba221bf7360ed6822d74b92 open-vm-tools-2010.09.19-301124.tar.gz

13 years, 6 months

1
0
0 / 0

rpms/open-vm-tools/devel .cvsignore, 1.16, 1.17 open-vm-tools.spec, 1.20, 1.21 sources, 1.16, 1.17 open-vm-tools-243334-ldl.patch, 1.1, NONE

by Denis Leroy

Author: denis Update of /cvs/free/rpms/open-vm-tools/devel In directory se02.es.rpmfusion.net:/tmp/cvs-serv18931 Modified Files: .cvsignore open-vm-tools.spec sources Removed Files: open-vm-tools-243334-ldl.patch Log Message: - Update to build 301124 - Removed ldl patch - Removed custom xdg desktop section, upstreamed : ---------------------------------------------------------------------- Index: .cvsignore =================================================================== RCS file: /cvs/free/rpms/open-vm-tools/devel/.cvsignore,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- .cvsignore 9 Apr 2010 06:08:37 -0000 1.16 +++ .cvsignore 5 Oct 2010 08:10:38 -0000 1.17 @@ -1 +1 @@ -open-vm-tools-2010.03.20-243334.tar.gz +open-vm-tools-2010.09.19-301124.tar.gz Index: open-vm-tools.spec =================================================================== RCS file: /cvs/free/rpms/open-vm-tools/devel/open-vm-tools.spec,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- open-vm-tools.spec 9 Apr 2010 06:08:37 -0000 1.20 +++ open-vm-tools.spec 5 Oct 2010 08:10:38 -0000 1.21 @@ -1,5 +1,5 @@ -%define builddate 2010.03.20 -%define buildver 243334 +%define builddate 2010.09.19 +%define buildver 301124 Name: open-vm-tools Version: 0.0.0.%{buildver} @@ -13,10 +13,9 @@ Source2: %{name}-sysconfig.mouse Source3: vmware-toolbox.desktop Source4: %{name}-modprobe.vmnics -Patch0: open-vm-tools-243334-ldl.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -ExclusiveArch: i686 x86_64 +ExclusiveArch: %{ix86} x86_64 BuildRequires: gtk2-devel BuildRequires: gtkmm24-devel @@ -73,7 +72,6 @@ # Fix some permissions and formats chmod -x NEWS README ChangeLog AUTHORS COPYING sed -i 's/\r//' README -%patch0 -p1 -b .ldl %build @@ -114,10 +112,6 @@ mkdir -p $RPM_BUILD_ROOT%{_includedir} install -m 0644 lib/include/vmci_sockets.h $RPM_BUILD_ROOT%{_includedir} -# Move vmware-user desktop into autostart directory -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xdg/autostart -mv $RPM_BUILD_ROOT%{_datadir}/applications/vmware-user.desktop $RPM_BUILD_ROOT%{_sysconfdir}/xdg/autostart/ - # Install desktop file and icon for toolbox mkdir -p $RPM_BUILD_ROOT%{_datadir}/pixmaps install -m 0644 toolbox/bigIcon.xpm $RPM_BUILD_ROOT%{_datadir}/pixmaps/vmware-toolbox.xpm @@ -162,6 +156,7 @@ %doc %{_docdir}/open-vm-tools %{_bindir}/vm* %{_datadir}/applications/*.desktop +%{_datadir}/open-vm-tools %{_sysconfdir}/xdg/autostart/*.desktop %{_datadir}/pixmaps/*.xpm %{_sysconfdir}/init.d/* @@ -186,6 +181,11 @@ %changelog +* Tue Oct 5 2010 Denis Leroy <denis(a)poolshark.org> - 0.0.0.301124-1 +- Update to build 301124 +- Removed ldl patch +- Removed custom xdg desktop section, upstreamed + * Wed Apr 7 2010 Denis Leroy <denis(a)poolshark.org> - 0.0.0.243334-1 - Update to build 243334 - Added patch to fix missing -ldl link with vmware-user Index: sources =================================================================== RCS file: /cvs/free/rpms/open-vm-tools/devel/sources,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- sources 9 Apr 2010 06:08:37 -0000 1.16 +++ sources 5 Oct 2010 08:10:38 -0000 1.17 @@ -1 +1 @@ -c7c12081a718b341c70463ac4b3509a2 open-vm-tools-2010.03.20-243334.tar.gz +e38bf6baeba221bf7360ed6822d74b92 open-vm-tools-2010.09.19-301124.tar.gz --- open-vm-tools-243334-ldl.patch DELETED ---

13 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

rpmfusion-commits October 2010